Cyber attack on bitcoin a big warning to currency's users

NEW YORK (Reuters) - A massive cyber attack from unknown sources that has been spamming bitcoin exchanges is highlighting some of the dangers people can encounter when they exchange cash for digital currencies like the bitcoin, experts said on Wednesday.

Some of Bitcoin enthusiast Mike Caldwell's coins are pictured at his office in this photo illustration in Sandy, Utah, January 31, 2014. REUTERS/Jim Urquhart REUTERS/Jim Urquhart

The attack, which is technically known as a distributed denial of service attack, involved thousands of phantom transactions, forcing at least three of the online platforms that store bitcoins and trade them for traditional currencies to halt withdrawals of bitcoins until they can determine which transactions were real.

It showed that bitcoin, which exists solely in cyberspace and operates on a software code written by an unknown programmer or group of programmers, is as vulnerable to such an assault as any other Internet-based business. It exposes the higher risks involved in owning and trading the instrument compared with the dollar and other traditional currencies. Bitcoins slumped in value as a result of the disruptions.

“Bitcoin is still an experimental protocol in its infancy,” said Micky Malka, a venture capitalist who is on the board of Bitcoin’s trade group, the Bitcoin Foundation.

“It will grow and mature over time,” he added. “No one should be investing an amount they cannot afford to lose.”

This week’s attack was not the first, said Andreas Antonopoulos, chief security officer for blockchain.info, a website that tracks bitcoin activity and provides online storage services for bitcoin users.

Antonopoulos is also a member of a group of core bitcoin programmers and is part of an emergency response team of programmers who have been working to fix the flaws in the code governing some bitcoin transactions that the attackers were exploiting. He said that work that should be completed by the middle of next week, echoing an estimate provided by a spokeswoman for the Bitcoin Foundation who said its core developers were all participating in the effort to fix the code.

Bitcoin is a decentralized digital system of value transfers that is not governed by any central bank, company or government. No assets back the bitcoin, whose value has fluctuated widely as its visibility has increased. Last September, a bitcoin was worth around $150. By late December the value was near the $1,000 mark.

Regulators around the world are struggling how to categorize the bitcoin. Some want to call it an asset class, others a commodity. Bitcoin users call it a currency and many advocate for its mass adoption, claiming it can help solve problems created by expensive and time-consuming bank transactions.

Early adopters also liked the anonymity bitcoin has offered, since it can be transferred between users without any exchange of personal identification information. However, moves by various authorities to pursue bitcoin users who they say have laundered money using the currency and attempts to regulate bitcoin exchanges could soon lower the level of anonymity in transactions.

On Tuesday, Slovenia-based Bitstamp became the second major bitcoin exchange to halt customer withdrawals in the past several days, citing “inconsistent results” and blaming a denial-of-service attack.

That was a day after Mt. Gox, based in Tokyo and the best-known digital marketplace operator, said a halt on withdrawals would continue indefinitely. Traders reacted to the halt by sending the bitcoin value to its lowest level in nearly two months.

A Bulgaria-based bitcoin exchange also had to halt withdrawals, Antonopoulos said.

The price of bitcoins, which have gained wider acceptance in recent months, dropped in the wake of the attacks from around $850 late last month. On Wednesday, they were quoted down nearly 2 percent for the day at $656 per coin on the bitcoin tracking website CoinDesk.

“Anyone who plays in this space, you better have a plan for when an attack happens because it’s going to be a when, not an if,” said Brian Krebs, a Washington-based cyber security expert who runs the blog KrebsOnSecurity.com.

The lesson for investors was that the bitcoin wasn’t as liquid as initially advertised, said Jason Scharfman, a financial due diligence expert and managing partner at consulting firm Corgentum.

“These types of attacks, they’re effectively freezing some of the accounts because the exchanges don’t want to pay out to the wrong person,” he said. “If something’s frozen or there’s a question about me being able to redeem my bitcoins, the value of them drops.”

“Does this spook financial investors?” he added. “The answer is yes.”

Scharfman said one way to mitigate the risks of such attacks would be to spread holdings of bitcoins out among several different online storage facilities. That way if one were attacked the other might still have a chance at being safe.

Scharfman said the more regulatory scrutiny that bitcoin exchanges received, the safer they were likely to be.

“Regulation will sort of normalize which exchanges are the most secure. They’ll mandate security measures and smaller exchanges just won’t be able to afford it,” he said.